Anonymous Connections Over the Internet – Using Socks Chains Proxy Proxies


This tutorial is an attempt to help you re-route all internet winsock applications in ms windows trough a socks chain, thus making your connections much more anonymous.


The more different hops you make your data jump, the more difficult it will be to trace it back. take this route for example:

you –> socks1 –> socks2 –> socks3 –> … –> socksx –> target

People who want to trace you will have to contact x persons to ask their them for their logs. chances are one of them didn’t log… and if they logged, the ip seen by each host/socks is the ip of the previous host/socks in the chain.

This works for:

  • icq-like tools
  • ftp clients
  • mail clients
  • telnet clients
  • portscanners
  • (just about anything that uses the internet)

It doesn’t work on most irc servers since they often check for open wingates
and proxies.

Now let’s do it

1) First you need to find some boxes running wingate, we look for wingates since the default installation of wingate includes a non-logging socks server on port 1080

Visit or for some wide-known wingate ips, or even better: you could try to find some yourself.

To do this, i would suggest you use ‘proxy hunter’, available for download at be sure to look for wingates (port 23) and not for socks, as we only want wingate socks.

You could also use wingatescan, available for download at

Speed is very important since we will be using multiple socks, and we don’t want our programs to time out. with the klever dipstick tool, you can find out which are the fastest ones. (get the klever dipstick program at

Just fire off Dipstick. Rightclick in the small green rectangular and choose Show main window. To import a list of wingates, just click on Advanced, choose Import List and select your file.

You can also manually ping a simple host by clicking on Manual Ping. Use those wingates with the smallest average time. *duh*

2) Second, check if the wingates from the list are actually running :)

There are a lot of programs that can help you with this.

3) Third, install a program that will intercept all outgoing networking calls.

I use the great tool sockscap for this purpose. you can get it at

In the setting, enter this as socks server : port 8000. Click on ‘socks version 5’. click ‘resolve all names remotely’. Uncheck ‘supported authentication’.

In the main window, choose new and then browse to create a shortcut for the internet client you want to give socks support.

Repeat this step for every program you want.

4) Install SocksChain

Download it at

In the service menu, click on new. enter ‘Chain’ as name and ‘8000’ as port to accept connections on.

Click on new and fill in the ips of the fastest wingates you found, but this time, use port 1080 for this (and not the port 23)

Using the ‘<' and '>‘, you can add and remove socks. be sure to test all socks one by one before adding them all to the list in once, because if one of them is bad, you chain will not work and you will not be able to locate the bad socks in the chain.

If all of them seem to work, you use the ‘<' key to add them all (mind speed problems. 4 or less is fine. i think 10 or 13 is the limit put by tcp/ip) Testing your anonymous setup

To check what socks your computer is connecting to, you can use x-ploiters totostat ( look for connections to port 1080, the remote ip found there should be the first ip found in your chain in sockschain.

use the shortcut in sockscap that points to your browser, and connect to or

Use your shortcut in sockcap to start your telnet client then telnet to

In all the above cases, the remote server should show you the ip of the last server in the sockschain. if you look at the sockschain program while surfing you should see the chain being built up.

Some final remarks

Never use internet explorer to do tricky stuff as it might reveal your ip. my personal favorite browser is opera 4.0 (, Darknet recommends Firefox.

To avoid info being sent out, we could install another proxy between the sockscap and the sockschainer proxy that would filter out those things. A4proxy is an example of a proxy capable of doing such things or Proximitron which Darknet uses.

Remember, if you want to do the real stuff, better switch to Linux like Ubuntu.

Written by Zoa_chien – EFNet – Updated with current info, lists and URL’s by Darknet.

Digg This Article

Posted in: Hacker Culture, Networking Hacking Tools, Privacy


Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

4 Responses to Anonymous Connections Over the Internet – Using Socks Chains Proxy Proxies

  1. grok August 26, 2006 at 2:08 pm #

    first off, thanks for the great tutorial. i just thought i’d help carry on your advice for windows users a little further for those that do not want to do the “manual labor” of discovery and maintenance of their proxy list.

    since you’re providing this solution for windows based users i’d recommend an even easier (in the terms of fire and forgetfulness) of using “The Onion Router” ( this is a solution which will provide you with the same functionality (multi-hop anonymous proxy connections that works almost like a p2p network) which are implemented with no logging enabled.

    There are simple installation instructions to follow to get this setup. There’s even a firefox plugin that allows you to switch between a “proxied-out” connection and a non-proxy connection.

    Using google as a simple test as to whether it was working or not, I’d see the languange they’d present their page to me in a non-english language nearly every time. (Sometimes chinese, german, etc.) on those very few occaisions when it wasn’t presented i’d use another page to show me the connection info. although i do like your first link alot better than my old method and have updated my notes to use it now. (btw the second link was down due to ddos attack)

    again i’d like to thank you for the time and effort you put into your tutorial and offer this up only as another way to skin the same cat.


  2. CS Shyam Sundar August 26, 2006 at 3:19 pm #

    ‘tor’ is a lot better !!! ;-)

  3. Darknet August 26, 2006 at 3:46 pm #

    Hey guys, I do agree Tor is better, I did cover it in a fair amount of detail in this article – Anonymity – Hiding your identity in 2006

    I just felt like doing something a bit old-skool :)


  4. scanner August 30, 2006 at 10:46 pm #

    Nice article Darknet

    The way I used to remain relatively anonymous is to log into undernet or efnet and issue a

    /who *dsl*

    Select an ip from the returned addresses and scan the class c for port 80 and 8080.

    Set up a for loop and use hydra or manually try log into (via tor) the routers you find with the default login:pwd. There are an amazing ammount of dsl routers with default login and passwords.

    Some common routers (newer DLink, Dynalink, BT Voyager, Billion, Nokia M11, etc.) let you port forward/NAT externally (ie bounce from the external ip to another ip on the Internet rather that only performing NAT to the local network.)

    Set up port forwarding/NAT and chain the routers together:

    you > tor > router > router > router > target.

    I’ve been doing this for quite a few years and the amount of default logins for dsl routers seems to be increasing.

    There is also fun to be had cracking the machines behind the routers :)

    I don’t agree with using *only* tor for anonymous hacking. It gives it a bad name and I’m sure hacking/cracking isn’t the use the tor developers have in mind. Much better that an anonymous dsl ip shows up in the logs than a tor gateway.

    Cheers then!